csachet_apps-auth-methods | Stripe Developers | Page 1

unkempt caveBOT May 17, 2024, 5:10 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1241075406858223707

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

spare sluice May 17, 2024, 5:13 PM

#

Hello! Give me a few minutes to check on that for you

unkempt caveBOT May 17, 2024, 5:15 PM

#

topaz pendant May 17, 2024, 5:17 PM

#

Hi 👋

I'm stepping in as my colleague needs to go.

#

Just so I'm clear, your current app uses an OAuth authentication flow? Following this guide?
https://docs.stripe.com/stripe-apps/api-authentication/oauth

raw elbow May 17, 2024, 5:20 PM

#

Hi!

Yes, exactly. We only plan on having the Stripe App to enable the OAuth authentication. We don't have anything else implemented in the App.

topaz pendant May 17, 2024, 5:22 PM

#

Okay so you would use your OAuth install link to allow users to install your app: https://docs.stripe.com/stripe-apps/api-authentication/oauth#create-install-link

#

In this flow, we envision your users being on your site, not in their Stripe dashboard.

From your webpage, redirect to your OAuth install link

#

Oh wait, sorry I misread your earlier message

Create a clear path for users to unauthenticate the app from within the Stripe Dashboard UI.
What do you mean by unauthenticate here?

raw elbow May 17, 2024, 5:25 PM

#

Yes, so during the authentication process, the User will click a button which requests the install link and then the Stripe App is installed on their account, on Stripe's side.

On the docs it says:

Create a clear path for users to unauthenticate the app from within the Stripe Dashboard UI

What I'm assuming is once the User is authenticated he needs the ability to unauthenticate the app. What I'm not sure is what does "clear path" means in this context.
Is there an uninstall link I can provide them with a button on the App?

#

maybe the question is: What is unauthenticate in this context? Remove the credentials on our side?

topaz pendant May 17, 2024, 5:28 PM

#

I do think that wording is ambiguous. Let me see if I can get some clarification for you.

topaz pendant May 17, 2024, 5:51 PM

#

Okay I'm still waiting on this as it's kicked off an internal discussion

raw elbow May 17, 2024, 5:58 PM

#

No problem, I appreciate your help.

topaz pendant May 17, 2024, 6:28 PM

#

Okay I have some clarification. The uninstall flow should handle this requirement for you.

Unless you were building your application with authentication at the user level instead of the account level, it is unnecessary. Essentially what that line was referring to was a special variant of OAuth: https://docs.stripe.com/stripe-apps/pkce-oauth-flow where invididual users of your app signed in through a UI in your app. In that case, you would also need to have a way for them to sign out.

Sorry for the delay

raw elbow May 17, 2024, 6:33 PM

#

Oh I see. Ok, in that case I think we're good.
Thank you for your help!

topaz pendant May 17, 2024, 6:34 PM

#

Sure thing! Happy to help 🙂

unkempt caveBOT May 17, 2024, 6:55 PM

#

#csachet_apps-auth-methods